Practical Networking .net

Access Control Lists (ACLs)

Access Control Lists, or ACLs, are a tool that is used to define traffic on Cisco routers.

By themselves, they merely identify a particular set of traffic. How you apply the ACL then determines what occurs to that traffic.

For instance, if you apply an ACL to…

  • … an interface? Matched traffic is allowed through
  • … a Crypto map? Matched traffic is secured and sent through a VPN
  • … a NAT configuration? Matched traffic is translated
  • … a NAT Exemption configuration? Matched traffic is not translated
  • … a Route Map? Matched routing advertisements are accepted
  • … a QoS Classification? Matched traffic is prioritized (or de-prioritized)

The core of doing any of these successfully is understanding how to configure access lists on Cisco routers. And that is what this video series will teach you.

Of all the ways to apply an ACL listed above, the most common is to apply an ACL to an interface. The purpose of such an ACL is to filter the “bad packets” from the “good packets”. In fact, when you apply an ACL to an interface, it is sometimes referred to as a Packet Filter.

To that end, Packet Filter ACLs are the focus of this video series.

In Video 1, we look at the core definition of access-lists. Then we discuss the ideas of Standard and Extended access-lists. And we finish by illustrating the concept of applying one ACL per interface, per direction, per protocol.
In Video 2, we look at every part of the syntax for the configuration of Numbered ACLs. We discuss all the commands required to configure a Numbered Standard ACL and a Numbered Extended ACL.
In Video 3, we configure a Numbered ACL on a live Router to match a particular set of packets. This demonstration, along with the explanation of the syntax in the prior lesson, will give you everything you need to successfully configure Numbered ACLs.
In Video 4, we look at Named ACLs, and unpack the syntax differences between Named ACLs and Numbered ACLs. We highlight where the syntax is the same, and discuss where it is different.
In Video 5, we continue where we left off and re-configure our Numbered ACL (from Video 3) as a Named ACL. Then we spend the rest of the video demonstrating the features of Named ACLs which don’t exist in Numbered ACLs.
In Video 6, we look at IPv6 ACLs. We will show you the syntax for configuring an ACL to match IPv6 traffic. Specifically, we will show you how the syntax is similar to what you already know.
In Video 7, we circle back to Video 1 and show you the syntax required to apply the ACLs we created to Router Interfaces.
In Video 8, we discuss the “rules” of applying ACLs closer to the source or closer to the destination. We talk about why these “rules” exist, and a practical reason to ignore them.

To access the specific timestamps of what is covered in each video, check out each video’s correlating blog post:

If you’re studying for the CCNA or learning how to operate Routers, this video series will be the last you need to watch to understand Access Control Lists.

Hope you enjoy!
